ADC

Configure a cache redirection policy

A cache redirection policy includes an expression (also called a rule). The expression represents a condition that is evaluated when the client request is compared to the policy.

You do not explicitly configure actions for cache redirection policies.

A cache redirection policy has a name and includes an Advanced policy expression, or a set of Advanced policy expression clauses that are combined by using logical operators, and the following built-in actions:

  • CACHE
  • ORIGIN

For more information about Advanced policy expressions, see Policies and Expressions.

Add a cache redirection policy by using the CLI

At the command prompt, type the following commands to add a cache redirection policy and verify the configuration:

-  add cr policy <policyName> **-rule** <expression> -action<string> [-logAction<string>]

-  show cr policy [<policyName>]

<!--NeedCopy-->

Examples:

Policy with a simple expression:

> add cr policy crpol1 -rule !(HTTP.REQ.URL.ENDSWITH(".jpeg")) -action origin
 Done
> show cr policy crpoll
    Policy: crpol1 Rule: !(HTTP.REQ.URL.ENDSWITH(".jpeg")) Action: ORIGIN
    Hits: 0
 Done

<!--NeedCopy-->

Policy with a compound expression:

> add cr policy crpol11 -rule 'http.req.method.eq(post) && (HTTP.REQ.URL.ENDSWITH(".gif") || HTTP.REQ.URL.ENDSWITH(".cgi"))'  -action cache
 Done
> show cr policy crpol11
    Policy: crpol11    Rule: http.req.method.eq(post) && (HTTP.REQ.URL.ENDSWITH(".gif") || HTTP.REQ.URL.ENDSWITH(".cgi"))  Action: CACHE
    Hits: 0
 Done

<!--NeedCopy-->

Policy that evaluates a header:

> add cr policy crpol12 -rule http.req.header("If-Modified-Since").exists -action origin
 Done
> show cr policy crpol12
    Policy: crpol12    Rule: http.req.header("If-Modified-Since").exists   Action: ORIGIN
    Hits: 0
 Done

<!--NeedCopy-->

Modify or remove a cache redirection policy by using the CLI

  • To modify a cache redirection policy, use the set cr policy command, which is just like add cr policy command, except that you enter the name of an existing policy and you only have to provide the parameters that you want to modify.
  • To remove a policy, use the rm cr policy command, which accepts only the <name> argument. If the policy is bound to a virtual server, you have to unbind the policy, before you can remove it.

For the details of unbinding a cache redirection policy, see Unbind a policy from a cache redirection virtual server.

Configure a cache redirection policy with a simple expression by using the GUI

  1. Navigate to Traffic Management > Cache Redirection > Policies.

  2. In the details pane, click Add.

  3. In the Create Cache Redirection Policy dialog box, in the Name text box, type the name of the policy.
  4. Select the appropriate action CACHE or ORIGIN from the Action drop-down list.
  5. In the Log Action area, click Add. Type a name in the Create Audit Message Action dialog box.
    • Configure Log Level by choosing the appropriate value from the drop-down list:

      • EMERGENCY
      • ALERT
      • CRITICAL
      • ERROR
      • WARNING
      • NOTICE
      • INFORMATIONAL
      • DEBUG
    • Enter the experssion in the Expression area.
      • Expression Type-General
      • Flow Type -REQ
      • Protocol -HTTP
      • Qualifier -URL
      • Operator - !=
      • Value - /.jpeg
    • Click Create.
  6. To configure a simple expression, enter the expression. Following is an example of an expression that checks for a .jpeg extension in a URL:

    • Expression Type-General
    • Flow Type -REQ
    • Protocol -HTTP
    • Qualifier -URL
    • Operator - !=
    • Value - /.jpeg

    The simple expression in the following example checks for an If-Modified-Since header in a request:

    • Expression Type -General
    • Flow Type -REQ
    • Protocol -HTTP
    • Qualifier -HEADER
    • Operator -EXISTS
    • Header Name -If-Modified-Since
  7. When you are finished entering the expression, click Create.

Cache redirection with simple expression

Configure a cache redirection policy with a compound expression by using the GUI

  1. Navigate to Traffic Management > Cache Redirection > Policies.

  2. In the details pane, click Add.

  3. In the Name text box, enter a name for the policy.

    The name can begin with a letter, number, or the underscore symbol, and can consist of from one to 127 letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), and underscore (_) symbols. You should choose a name that makes it easy for others to tell what type of content this policy was created to detect.

  4. Select the appropriate action CACHE or ORIGIN from the Action drop-down list.
  5. In the Log Action area, click Add. Type a name in the Create Audit Message Action dialog box.
    • Configure Log Level by choosing the appropriate value from the drop-down list:

      • EMERGENCY
      • ALERT
      • CRITICAL
      • ERROR
      • WARNING
      • NOTICE
      • INFORMATIONAL
      • DEBUG
    • Enter the experssion in the Expression area.
      • Expression Type-General
      • Flow Type -REQ
      • Protocol -HTTP
      • Qualifier -URL
      • Operator - !=
      • Value - /.jpeg
    • Click Create.
  6. Choose the type of compound expression that you want to create. Your choices are:

    • Match Any Expression. The policy matches the traffic if one or more individual expressions match the traffic.

    • Match All Expressions. The policy matches the traffic only if every individual expression matches the traffic.

    • Tabular Expressions. Switches the Expressions list to a tabular format with three columns. In the rightmost column, you place one of the following operators:

      • The AND [ && ] operator, to require that, to match the policy, a request must match both the current expression and the following expression.
      • The OR [

      You can also group expressions in nested subgroups by selecting an existing expression and clicking one of the following operators:

      • The BEGIN SUBGROUP [+ ( ] operator, which tells the NetScaler appliance to begin a nested subgroup with the selected expression. (To remove this operator from the expression, click -( .)
      • The END SUBGROUP [+ ) ] operator, which tells the NetScaler appliance to end the current nested subgroup with the selected expression. (To remove this operator from the expression, click -) .)
    • Advanced Free-Form. Switches off the Expressions Editor entirely and turns the Expressions list into a text area in which you can type a compound expression. This is both the most powerful and the most difficult method of creating a policy expression, and is recommended only for those thoroughly familiar with the NetScaler classic expressions language.

      For more information about creating classic expressions in the Advanced Free-Form text area, see Configuring Classic Policies and Expressions.

      Caution: If you switch to Advanced Free Form expression editing mode, you cannot switch back to any of the other modes. Do not choose this expression editing mode unless you are sure that you want to use it.

  7. If you chose Match Any Expression, Match All Expressions, or Tabular Expressions, click Add to display the Add Expression dialog box.

    You should leave the expression type set to General for cache redirection policies.

  8. In the Flow Type drop-down list, choose a flow type for your expression.

    The flow type determines whether the policy examines incoming or outgoing connections. You have two choices:

    • REQ. Configures the NetScaler appliance to examine incoming connections, or requests.
    • RES. Configures the appliance to examine outgoing connections, or responses.
  9. In the Protocol drop-down list, choose a protocol for your expression.

    The protocol determines the type of information that the policy examines in the request or response. Depending upon whether you chose REQ or RES in the previous drop-down list, either all four or only three of the following choices are available:

    • HTTP. Configures the appliance to examine the HTTP header.
    • SSL. Configures the appliance to examine the SSL client certificate. Available only if you chose REQ (requests) in the previous drop-down list.
    • TCP. Configures the appliance to examine the TCP header.
    • IP. Configures the appliance to examine the source or destination IP address.
  10. Choose a qualifier for your expression from the Qualifier drop-down list.

    The contents of the Qualifier drop-down list depend on which protocol you chose. The following table describes the choices available for each protocol.

    Table 1. Cache Redirection Policy Qualifiers Available for Each Protocol

    Protocol Qualifier Definition
    HTTP METHOD HTTP method used in the request.
    - URL Contents of the URL header.
    - URLTOKENS URL tokens in the HTTP header.
    - VERSION HTTP version of the connection.
    - HEADER Header portion of the HTTP request.
    - URLLEN Length of the contents of the URL header.
    - URLQUERY Query portion of the contents of the URL header.
    - URLQUERYLEN Length of the query portion of the URL header.
    SSL CLIENT.CERT SSL client certificate as a whole.
    - CLIENT.CERT.SUBJECT Contents of the client certificate subject field.
    - CLIENT.CERT.ISSUER Client certificate issuer.
    - CLIENT.CERT.SIGALGO Signature algorithm used in the client certificate.
    - CLIENT.CERT.VERSION Client certificate version.
    - CLIENT.CERT.VALIDFROM Date from which the client certificate is valid. (The start date.)
    - CLIENT.CERT.VALIDTO Date after which the client certificate is no longer valid. (The end date.)
    - CLIENT.CERT.SERIALNUMBER Client certificate serial number.
    - CLIENT.CIPHER.TYPE Encryption method used in the client certificate.
    - CLIENT.CIPHER.BITS Number of significant bits in the encryption key.
    - CLIENT.SSL.VERSION SSL version of the client certificate.
    TCP SOURCEPORT Source port of the TCP connection.
    - DESTPORT Destination port of the TCP connection.
    - MSS Maximum segment size (MSS) of the TCP connection.
    IP SOURCEIP Source IP address of the connection.
    - DESTIP Destination IP address of the connection.
  11. Choose the operator for your expression from the Operator drop-down list.

    Your choices depend on the qualifier you chose in the previous step. The complete list of operators that can appear in this drop-down list is:

    • == . Matches the following text string exactly.
    • != . Does not match the following text string.
    • > . Is greater than the following integer.
    • CONTAINS . Contains the following text string.
    • CONTENTS . The contents of the designated header, URL, or URL query.
    • EXISTS . The specified header or query exists.
    • NOTCONTAINS . Does not contain the following text string.
    • NOTEXISTS . The specified header or query does not exist.

    If you want this policy to operate on requests sent to a specific Host, you can leave the default, the equals (==) sign.

  12. If the Value text box is visible, type the appropriate string or number into the text box.

    For example, if you want this policy to select requests sent to the host shopping.example.com, you would type that string in the Value text box.

  13. If you chose HEADER as the qualifier, type the header you want in the Header Name text box.

  14. Click OK to add your expression to the Expression list.

  15. Repeat steps 4 through 11 to create more expressions.

  16. Click Close to close the Add Expression dialog box and return to the Create Cache Redirection Policy dialog box.
  17. When you are finished entering the expression, click Create.
Configure a cache redirection policy